Analysis of methods for authentication implementation based on tokens of access for corporate system of data storage and sharing
Abstract
In recent years the number of single-page applications, mobile applications and web services has grown rapidly, and the approaches to developing such applications have changed significantly with them. These new approaches bring new methods of implementing authentication in modern applications. The objectives of this research are to study methods of implementing token-based authentication for a corporate data storage and sharing system, to assess whether using such methods is expedient, to survey existing solutions and to analyse their advantages and disadvantages. Protection from unauthorized access is the most important attribute of a corporate data storage and sharing system; it is one of the key components that guarantees a high-quality service. The intensity with which ways of hacking information systems are being improved is growing significantly, so the information security system must guarantee reliable data processing, transfer and storage. This article presents the results of research on the use of a token-based authentication system. This type of authentication was compared with cookie-based authentication, and the main advantages and disadvantages of the approach are described. An access token is a fragment of data that contains user claims. The token allows the server to identify the user, a group of users and/or an application. The client-side application uses the token as a key to the API; the main purpose of the access token is to state that its bearer has access to the API. In token-based authentication every request to the server carries a signed access token; the server checks the token for authenticity and responds to the request depending on the result of that check. The JSON Web Token (JWT) standard describes the structure of an access token, the ways it is used and the caching procedures. This article contains a detailed description of JWT usage scenarios.
The authentication process based on refresh tokens, which gives more control over user sessions, is described, as are the ways of signing the token. The result of this research is a set of defined implementation methods of authentication. The advantages and disadvantages of token-based authentication were identified, and a step-by-step analysis of possible working algorithms of the authentication system was performed.
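The flow summarised in the abstract (a signed JWT access token sent with every request, checked by the server for authenticity and expiry, plus a refresh token that gives the server control over sessions) is shown below as an added, self-contained example; it is not code from the paper or from any product it evaluates. It uses only the Python standard library, assumes HS256 (HMAC-SHA256) as the signing method, and the key, lifetimes, `AuthServer` class and user names are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed demo values (assumptions for this example, not from the paper).
SERVER_KEY = b"constructed-demo-key-not-for-real-use"
ACCESS_TTL = 900          # access token lifetime in seconds
REFRESH_TTL = 7 * 86400   # refresh token lifetime in seconds


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes = SERVER_KEY) -> str:
    """Build header.payload.signature with an HMAC-SHA256 signature over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, key: bytes = SERVER_KEY, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, otherwise None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    # Accept only the algorithm the server itself uses; rejects "none" and confusion attempts.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):   # constant-time comparison
        return None
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims


class AuthServer:
    """Hypothetical server: issues short-lived JWTs and opaque, rotating refresh tokens."""

    def __init__(self, key: bytes = SERVER_KEY):
        self.key = key
        self.refresh_store = {}   # refresh token -> (subject, groups, expires_at)

    def login(self, sub: str, groups: list, now: Optional[float] = None):
        now = time.time() if now is None else now
        access = sign_jwt({"sub": sub, "groups": groups,
                           "iat": int(now), "exp": int(now) + ACCESS_TTL}, self.key)
        refresh = secrets.token_urlsafe(32)   # random, server-side state gives session control
        self.refresh_store[refresh] = (sub, groups, now + REFRESH_TTL)
        return access, refresh

    def refresh(self, refresh_token: str, now: Optional[float] = None):
        """One-time use: a presented refresh token is consumed and a new pair is issued."""
        now = time.time() if now is None else now
        entry = self.refresh_store.pop(refresh_token, None)
        if entry is None or entry[2] <= now:
            return None
        sub, groups, _ = entry
        return self.login(sub, groups, now)

    def revoke(self, refresh_token: str) -> bool:
        """Ending a session server-side: the refresh token can no longer mint access tokens."""
        return self.refresh_store.pop(refresh_token, None) is not None

    def handle_api_request(self, authorization_header: str, now: Optional[float] = None):
        """Every API request must carry 'Authorization: Bearer <jwt>'; returns (status, body)."""
        if not authorization_header.startswith("Bearer "):
            return 401, "missing bearer token"
        claims = verify_jwt(authorization_header[len("Bearer "):], self.key, now)
        if claims is None:
            return 401, "invalid or expired token"
        return 200, f"hello {claims['sub']} (groups: {claims.get('groups', [])})"


if __name__ == "__main__":
    srv = AuthServer()
    access, refresh = srv.login("alice", ["staff"])
    print(srv.handle_api_request("Bearer " + access))
    print("rotated:", srv.refresh(refresh) is not None, "reuse:", srv.refresh(refresh))
```

The access token carries the claims and is verified statelessly; the refresh token is the only piece the server remembers, which is what makes revocation and rotation possible without keeping a session record for every request.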
Keywords
identification; authentication; access token; information system; confidential data; information security; unauthorized access